Biometric data protection

ABSTRACT

Aspects of the present disclosure relate to enhancing biometric security. A biometric template and a biometric sample can be compared using a first security technique having a first ECC framework with a first number of codewords. A determination can be made that the biometric template and biometric sample do not match using the first security technique. The biometric template and the biometric sample can then be compared using a second security technique having a second ECC framework with a second number of codewords, the second number of codewords less than the first number of codewords. A determination can then be made that the biometric template and the biometric sample match, and a user associated with the biometric sample can be verified.

BACKGROUND

The present disclosure relates generally to the field of security, andmore particularly to securing biometric samples.

Passwords are a common method to authenticate users. A typical passwordincludes alphanumeric characters that are validated in order to permit auser to access one or more computer resources. Passwords are used duringlog-in processes, to facilitate access to computer resources such asaccounts, databases, networks, websites, and/or applications. Recently,biometric authentication has become increasingly popular as opposed to,or in addition to, alphanumeric passwords. Biometric authenticationrelies on unique biological characteristics (e.g., iris patterns,fingerprints, facial shapes, etc.) to verify users.

SUMMARY

Embodiments of the present disclosure relate to a method, system, andcomputer program product for enhancing biometric security. A biometrictemplate and a biometric sample can be compared using a first securitytechnique having a first error correcting code (ECC) framework with afirst number of codewords. A determination can be made that thebiometric template and biometric sample do not match using the firstsecurity technique. The biometric template and the biometric sample canthen be compared using a second security technique having a second ECCframework with a second number of codewords, the second number ofcodewords less than the first number of codewords. A determination canthen be made that the biometric template and the biometric sample match,and a user associated with the biometric sample can be verified.

The above summary is not intended to describe each illustratedembodiment or every implementation of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings included in the present disclosure are incorporated into,and form part of, the specification. They illustrate embodiments of thepresent disclosure and, along with the description, serve to explain theprinciples of the disclosure. The drawings are only illustrative oftypical embodiments and do not limit the disclosure.

FIG. 1 is a diagram illustrating an example biometric authenticationprocess, in accordance with embodiments of the present disclosure.

FIG. 2A is a flow-diagram illustrating a process for authenticating auser's biometric sample, in accordance with embodiments of the presentdisclosure.

FIG. 2B is a flow-diagram illustrating an extension of the process ofFIG. 2A including a second security technique, in accordance withembodiments of the present disclosure.

FIG. 3 is a high-level flow-diagram illustrating a biometricauthentication protocol implementing two security techniques, inaccordance with embodiments of the present disclosure.

FIG. 4 is a diagram illustrating a cloud computing environment, inaccordance with embodiments of the present disclosure.

FIG. 5 is a block diagram illustrating abstraction model layers, inaccordance with embodiments of the present disclosure.

FIG. 6 is a high-level block diagram illustrating an example computersystem that may be used in implementing one or more of the methods,tools, and modules, and any related functions, described herein, inaccordance with embodiments of the present disclosure.

While the embodiments described herein are amenable to variousmodifications and alternative forms, specifics thereof have been shownby way of example in the drawings and will be described in detail. Itshould be understood, however, that the particular embodiments describedare not to be taken in a limiting sense. On the contrary, the intentionis to cover all modifications, equivalents, and alternatives fallingwithin the spirit and scope of the disclosure.

DETAILED DESCRIPTION

Aspects of the present disclosure relate generally to the field ofsecurity, and in particular to securing biometric samples. While thepresent disclosure is not necessarily limited to such applications,various aspects of the disclosure may be appreciated through adiscussion of various examples using this context.

Biometric authentication is a security protocol used to verify usersusing biological characteristics. Examples of biological characteristicsthat have been used in biometric authentication include iris patterns,fingerprints, hand shape, vein pattern, facial shape, DNA, blood,saliva, body odor, and voice tone/frequency. Biometric authentication isbecoming increasingly popular due to the convenience and heightenedsecurity compared to passwords. For example, biometric authenticationdoes not require meticulous organization and/or memorizing of passwords.Further, due to the heightened security requirements surroundingpasswords (e.g., length requirements, alphanumeric characterrequirements, change frequency requirements), users commonly writepasswords down, making them vulnerable to attack.

Though biometric authentication can be beneficial compared to passwords,biometrics face several challenges that passwords do not. The number ofdifferent “passwords” in biometric authentication are limited. Forexample, regarding fingerprinting, a given user can only register up toten distinct samples (e.g., per finger). Similarly, regarding irispatterns, a user can only register up to two distinct iris samples(e.g., per eye). Accordingly, biometric sample data is precious, and ifit is compromised, there is not an easy replacement. Further, storingencrypted representations (e.g., hashes) of biometric samples is notpractical. This is because biometric samples vary. For example, twodifferent fingerprint readings from the same user (on the same finger)are rarely identical due to positioning and/or pressure differencesbetween readings.

Accordingly, hashing two different readings would likely produce twodistinct hash representations. For this reason, biometric samples aretypically configured into “templates.” Templates are a collection (e.g.,set) of readings for a given user obtained through an “enrollmentprocess” in which a user presents several biometric readings. Whenauthentication occurs, a user presents a new reading and a matchingalgorithm is applied to compare the new reading to the user's template.Templates are typically stored in explicit form unlike passwords. Thisposes a significant security challenge, as a template can be stolen froma user in an unencrypted form, whereas passwords are typically onlystored in hashed representations.

In order to address this issue, a scheme known as “fuzzy commitment” canbe used to provide “concealing” (e.g., it is infeasible for an attackerto learn the committed value) and “binding” (e.g., the value cannot bedecommitted in more than one way) properties to biometricauthentication. However, fuzzy commitment is counterintuitive to typicalbit commitment schemes because it is tolerant to slight variability(e.g., error between readings). To attain concealing, binding, andvariability tolerance properties, fuzzy commitment utilizes conventionalbit commitment in combination with an error correcting code (ECC)framework.

In conventional bit commitment, a “sender” aims to conceal a bit b byencrypting the bit b to produce an encrypted representation y. Theencrypted representation y is transmitted to a “receiver” over achannel. To commit the bit b, a function y=F (b, x) is used (where “F”is an encryption function of some sort). In this example, x is a witnessused to conceal b. To decommit y, the sender is required to produce thewitness x.

As an example, bit commitment can be analogized to locking a message ina safe. Assume that, Alice, a sender, conceals a message (e.g., a bitsequence) by locking it in a safe (e.g., a hash function) prior tosending it to Bob, a receiver. The safe can only be unlocked by usingthe correct combination (e.g., the witness). Accordingly, if Bob inputsthe correct combination (e.g., produces the witness), he can unlock thesafe to retrieve the message sent from Alice. The process is bindingbecause Alice cannot change her message once it is put into the safe andconcealing because Bob cannot determine the message without unlockingthe safe via the correct combination.

In the biometric space, however, simple bit commitment is impractical,as there can be variability between each biometric sample. For example,assume a function y=F (k, x), where y is some committed value, F is thecommitment function, k is a secret key, and x is a biometric sample.Unless the biometric sample x is an exact match, access to the secretkey is not possible (and the data protected by the secret key cannot beaccessed). Accordingly, an ECC framework is implemented such that thesecret key k can be obtained by using some biometric sample x′, where x′is sufficiently close to x such that the key k can be accessed.

To understand how to add error tolerance to the bit commitment scheme,reference will now be made to an example implementing error correctingcode. Assume Alice, a sender, wants to send a message m to Bob, but themessage is being transmitted over a noisy channel (e.g., in which themessage is prone to potential errors). To allow the message m to betransmitted to Bob over the noisy channel, m can be mapped to a longerstring c, in which c contains redundant elements (e.g., a repetitioncode) of the message m. As an example, if Alice sends the message “Hi”over the noisy channel, in an example where c includes 2 redundantelements of m, the message would be converted into “HHHiii” prior totransmission over the channel. Accordingly, if the message arrives as“HGHiji” (due to corruption over the noisy channel), Bob would be ableto apply the error correcting code decoding function to convert “HGHiji”back to “Hi” (e.g., by mapping “HGHiji” to the nearest codeword in theECC framework). In this example, the predominantly occurring charactersin each triple set allow the corrupted encoded version (e.g., “HGHiji”)to be mapped to the nearest codeword (e.g., “HHHiii”) in the ECCframework and decoded back into the message “Hi”.

As another example, if Alice sends a bit of binary code (010), the errorcorrecting code encoding function would translate the bit string into(000111000). Accordingly, as long as at least two of the binary digitsremain unflipped for each set of three bits corresponding to theoriginal message, the longer string c can be converted back into theoriginal message m. This example illustrates an error tolerance of 1 bit(e.g., if 2 bits in the same triple set flip, the message will bedecoded improperly).

An error correcting code framework consist of a set of codewords C towhich messages are mapped prior to transmission (e.g., following theexample above, codewords could include (111111111), (000111000),(111000111), (000000000), etc.). Upon applying an error correcting code,a message is “encoded” using the ECC scheme, mapping the message to aparticular codeword (e.g., (010) is mapped to (000111000)). When theencoded version of the message (e.g., 000111000) is transmitted over anoisy channel, the encoded message can be “corrupted” (e.g., when bitsflip). The output over the noisy channel is then “decoded” by applyingthe ECC framework. This essentially maps the output to the nearestcodeword (e.g., in terms of hamming distance) of the set C and convertsit back into a non-redundant form. In this example, if the encodedversion of (010) (e.g., (000111000)) is corrupted to (010111001) (e.g.,2 bits flip), when the corrupted codeword is decoded, it will be matchedto the nearest codeword in the set C (e.g., (000111000)) and thenreverted back to the original message (010).

This technique can be used to permit error tolerance in biometricauthentication. Even if a biometric template (e.g., the witness requiredto decommit the bits and retrieve the secret key) and a biometric samplevary, as long as a presented biometric sample (e.g., during test time)can be mapped to the same codeword as the original biometric template,the biometric sample can be matched to the biometric template. Thecodeword the biometric sample is mapped to can then be used to “unlock”the encryption function in order to validate/verify a user. Security isstill maintained however, and if the biometric sample variessignificantly from the biometric template, the sample will be mapped toa different codeword, and consequently, the function will remain locked.

Referring now to the figures, FIG. 1 is a diagram illustrating anexample biometric verification process, in accordance with embodimentsof the present disclosure. One or more biometric samples 100 can becollected during an enrollment process. The biometric samples 100 can becollected via a biometric scanner 115. Any suitable biometric featurescan be used, including fingerprints, voices, facial structures, irispatterns, etc. The biometric scanner 115 used to collect the biometricsamples 100 depends on the type of biometric feature (e.g., for voicerecognition, a microphone is integrated into the biometric scanner 115whereas for fingerprinting, the biometric scanner 115 is a fingerprintscanner). The biometric samples 100 are then used to generate a binarybiometric template 105. That is, the biometric samples are collectivelyconverted into a binary representation to be used to validate a usersometime in the future.

At a later time, the user presents a biometric test sample 110 to thebiometric scanner. The biometric test sample 110 is converted into abinary biometric sample 120. Both the binary biometric template 105 andthe binary biometric sample 120 are input into a computer system 125.The computer system 125 can then analyze the biometric template 105 andbiometric sample 120 to determine whether there is a match (e.g., viaminutiae comparison in a fuzzy commitment framework). If there is amatch, the user can be validated, and access can be granted to one ormore computer resources. If there is not a match (e.g., the matchingfails), access is denied (e.g., the biometric sample is invalidated). Insome instances, the user can be prompted to re-input another biometricsample, in case there was reading error (e.g., due to the scanner 115 oruser).

In embodiments, the biometric scanner 115 and computer system 125 can bestand-alone. In these embodiments, the scanner 115 and computer system125 can be communicatively coupled in any suitable manner (e.g.,wirelessly via the internet or hard wired via Ethernet). In someembodiments, the biometric scanner 115 and computer system 125 can beintegrated into a single machine (e.g., as a part of a laptop computer,smart phone, desktop computer, and the like).

FIG. 2A is a flow-diagram illustrating an example process 200 forvalidating a biometric sample presented by a user, in accordance withembodiments of the present disclosure.

Process 200 initiates where an enrollment template denoted by x of sizeN is received. This is illustrated at step 205. The enrollment templateis a binary representation of one or more biological samples (e.g.,biological samples 100 of FIG. 1) of a user. The binary representation xcan have any suitable length N (e.g., 10 bits, 100 bits, 1000 bits,etc.).

The enrollment template can be generated by converting biometric samples(e.g., fingerprint grooves, voice recording, facial appearance, etc.)into binary representations. In embodiments, converting biometricsamples into a binary representations can be completed using machinelearning (e.g., deep learning) algorithms. For example, biometricsamples can be converted into binary representations by generating ann-dimension feature vector for a given biometric sample and comparingthe feature vector to an ordered set of hyperplanes. Based on therelative position of the feature vector with respect to each hyperplane,binarization can be completed. For example, if the feature vector fallson the negative side of a given hyperplane, a bit value of 0 is assignedto the biometric sample with respect to that hyperplane. Alternatively,if the feature vector falls on the positive side of the hyperplane, abit value of 1 is assigned to the biometric sample. The ordered set ofbits corresponding to the ordered set of hyperplanes construct thebinary representation.

In some embodiments, the enrollment template includes multiple readingsof the same biological feature (e.g., five fingerprint readings from thesame finger). In these embodiments, the multiple readings can becollectively considered (e.g., averaged) when generating the template.In some embodiments, the template is generated using one or moreminutiae of a biological sample (e.g., particular grooves in a fingerprint, tones of a voice, lines in an iris, etc.). In these embodiments,minutiae of a biological template can be compared to a biologicalsample.

A codeword c of the length N is then selected randomly from an errorcorrecting code (ECC) framework. This is illustrated at step 210. Asreferenced above, an error correcting code framework comprises aplurality of codewords to which inputs are mapped. When encoding aparticular input, the input is mapped to the codeword and transmitted(e.g., via a translation function). The output (e.g., aftertransmission, which may be the same codeword or a corrupted versionthereof) is then decoded by mapping the output to the nearest codewordin the ECC framework. The codeword c can be randomly selected in anymanner. For example, each possible codeword (e.g., which can include10³⁰-10⁵⁰ codewords) can be assigned a position, and a random numbergenerator can be used to randomly select a position (e.g., and thus acodeword).

The selected ECC framework depends on error tolerance (e.g., falsepositive and false negative acceptance) and security. An ECC frameworkwith more codewords provides enhanced security (e.g., as a brute forcehacker would have to guess more codewords in order to crack thealgorithm). An ECC framework with less codewords provides greaterflexibility, allowing for more variation between the biological templateand the biological test sample. Accordingly, selecting the proper ECCframework can be based on a tradeoff between error tolerance andsecurity.

A hash of the codeword c is then generated. This is illustrated at step215. The hash can be generated by inputting the codeword c into acryptographic hash function (e.g., SHA-1, SHA-256, HAVAL, JH, MD5,Skein, Snefru, Spectral Hash, etc.). The hash representation h(c) canthen be stored for use at a later time in any suitable memory (e.g.,volatile memory (DRAM) or non-volatile memory (e.g., flash, 3DXP, tape,hard drive, solid state drive, etc.)).

A bit difference (e.g., exclusive or) denoted by y between theenrollment template x and the codeword c is then calculated and stored.This is illustrated at step 220. The bit difference can be calculated byan XOR operation (e.g., y=x XOR c), such that a zero in bit position krepresents that bits in x and c in position k are identical, and a onein bit position k represents that bits in position k in x and c aredifferent.

A biometric test sample is then received. This is illustrated at step225. The biometric sample can be obtained via a biometric scanner (e.g.,biometric scanner 115 of FIG. 1) configured to capture and storecharacteristics (in the same modality as done for enrollment) of a givenbiometric sample. The biometric test sample received from the biometricscanner can then be transformed into a binary sequence (in the samemanner it is done in enrollment) denoted by z. This is illustrated atstep 230.

In some embodiments, the test feature vector extracted from thebiometric test sample is converted into a soft binary representation atstep 230. In soft binarization, rather than converting the test sampleinto a binary representation (e.g., represented by bits), the sample isconverted into a soft binary form having probabilistic bits. Inconventional binarization, the biometric sample can be converted into ann-dimensional feature vector and compared, for example, to an unorderedset of hyperplanes. Based on whether the feature vector falls on thenegative or positive side of a given hyperplane, a binary value isstored.

However, this method does not account for the actual distance betweenthe feature vector and the hyperplane, and merely concerns the directionthe feature vector with respect to each hyperplane. For example, if afeature vector is positioned slightly on the negative side of ahyperplane (e.g., assigned a distance of −1) and a different featurevector is mapped slightly on the positive side of the same hyperplane(e.g., assigned a distance of +1), they will be assigned different bitvalues. Accordingly, soft binarization accounts for the magnitude of thefeature vector with respect to a given hyperplanes, rather than solelythe direction of each dimension with respect to the hyperplane.Following the example above, if a soft binarization algorithm is used,the assigned distance of −1 could be assigned soft binary value of 0.49(e.g., a 49% chance of being a 1), while the assigned distance of +1could be assigned a soft binary value of 0.51 (e.g., a 51% chance ofbeing a 1). As another example, an assigned distance of +1000 could beassigned a soft binary value of 1 (100% chance of being 1).

In embodiments, to determine the probabilistic bits, a variability modelbuilt on training data can be used. The variability model can be builtusing a plurality of biological samples taken for a set of subjectsdenoted, which are the “training set”. For each subject in the trainingset, multiple biometric samples are taken (such as multiple photos oftheir face). The biometric samples are processed using the same pipelinedescribed above (feature vector extraction and binarization). A machinelearning algorithm (such as a neural network on a multivariatecovariance model) is then trained to map a given feature vector into aset of probabilities, one for each bit. Given two biometrics samples (aand b) from a single person and given a scoring function f_k (neuralnetwork, hyperplane projection, etc.) that maps a feature vector to areal value which is then binarized to produce bit position k, thecorresponding bits are sign(f_j(a)) and sign(f_k(b)). A predictor suchas a neural network nn_k could be trained to estimate the probability ofsign(f_k(b)) to be equal to one given f_j(a). For instance, if f_j(a) isvery negative, the probability is very small. The predictor would betrained from many pairs of such a and b from many subjects in thetraining set.

A bit difference denoted by u between the bit difference (between thebiometric template x and the codeword c) y and the biometric sample z isthen calculated and stored. This is illustrated at step 235. The bitdifference u between y and z can similarly be calculated using an XORoperation (e.g., u=y XOR z). In this case we extend XOR to one hard-bitoperand (y) and one soft-bit (z). Note that z is defined as theprobability to be 1. In case of y=1, y XOR z is equal to z. In case ofy=0, y XOR z is equal to (1−z).

The (soft) bit difference u is then decoded using the ECC framework(soft) decoding step to obtain a codeword d. This is illustrated at step240. The ECC decoding step includes selecting the nearest codeword(e.g., in terms of hamming distance) to u. The ECC decoding step dependson the translation function used for encoding. For example, if aparticular bit sequence (111) is encoded (via a translation function)into a codeword (111111) (e.g., an extra element of redundancy per bit),and a bit flip occurred resulting in (011111), then two potentialcodewords of the corrupted sequence could be mapped to include (001111)and (111111). This example illustrates an instance in which the ECCframework can detect, but not fix, errors, as there are two potentialcodewords which are equal in terms of hamming distance (e.g., bothcodewords are 1 bit apart from the corrupted sequence) from thesequence.

The codeword d is then hashed (e.g., using the same function as in step215), and the hash is stored as h(d). This is illustrated at step 245.The hash of the codeword c, h(c), is then compared with the hash of thecodeword d, h(d). This is illustrated at step 250. A determination ismade whether the hashes of c and d match. This is illustrated at step255. The determination can be completed by determining whether each hashis represented by the same value. If the hashes match, the user isverified, as the biometric sample z was sufficiently close to thebiometric template x to decommit the encryption (e.g., and obtain asecret key or other protected data). This is illustrated at step 265. Inresponse to verifying the user, access can be granted to one or morecomputing resources (e.g., accounts, networks, machines, etc.). This canbe completed by revealing a secret key to the user in response to thevalidation, such that the secret key can be used to decrypt one or morealgorithms. If the hashes do not match, then a determination is madethat the biometric sample does not match. This is illustrated at step260. In some embodiments, if a determination is made that h(c) and h(d)do not match, the process 200 proceeds to step 270 of FIG. 2B.

Referring now to FIG. 2B, shown is a flow-diagram illustrating anextension of process 200 implementing a second security technique with asecond ECC framework, in accordance with embodiments of the presentdisclosure. The second security technique can be used as a secondattempt to verify the user using a second ECC framework. Specifically,the first ECC framework (e.g., as step 210) may not account for thevariability inherent in biometric authentication. By including morecodewords in the set M of the first ECC framework, the distance betweenany two codewords is less, which leads to greater security but lesserror tolerance. Accordingly, FIG. 2B illustrates a flow-diagram where,if the user was not verified using the first ECC framework, a second ECCframework with Q codewords is applied, where Q is less than M. Thoughfewer codewords reduces security (e.g., making brute-force attackseasier), security can still be maintained when using the second securitytechnique. This is because the second security technique integrates asecurity multiplier, to be discussed below.

Process 200 initiates where a codeword p of length N is selected fromthe second ECC framework having Q codewords. This is illustrated at step270. The codeword p can be randomly selected in a similar manner to step210 of FIG. 2A. However, the pool of codewords Q is smaller than thepool of codewords M. This increases the hamming distance between any twocodewords, thereby increasing the error tolerance of the validationtechnique. This is beneficial in situations where a user's biometricsample varies from the biometric template. For example, if a facialrecognition biometric template was collected from a user with a beard,and the user attempts to verify himself after shaving, there can besignificant variation between the template and the sample. Accordingly,using an ECC framework with higher error tolerance may permit propervalidation where a user's biometric sample differs from the user'sbiometric template.

A random bit sequence denoted by r of size R is then generated. This isillustrated at step 272. The codeword p selected from the second ECCframework and the random bit sequence r are then concatenated,generating pr. This is illustrated at step 274. For example, if thecodeword p is (00100) and the bit sequence r is (111), the concatenationof p and r would be (00100111). The concatenation pr is then hashed, andthe hashed representation h(pr) is stored. This is illustrated at step276. The hash can be generated using any suitable cryptographic hashfunction, such as those described with respect to step 215 of FIG. 2A.

A bit difference between the template x and the codeword p is thenstored, denoted by j. This is illustrated at step 278. The bitdifference can be calculated by using an XOR operation (e.g., j=x XORp). A bit difference can then be similarly calculated between thebiometric sample z and the bit difference j, denoted by w (e.g., w=z XORj). This is illustrated at step 280.

The bit difference w is then decoded using the second ECC decoding stepto select the nearest codeword in terms of hamming distance. This isillustrated at step 282. The codeword f is then selected as the nearestcodeword.

A random bit sequence denoted by r_i of size R is then generated. Thisis illustrated at step 284. The codeword f and the random bit sequencer_i of size R are then concatenated to generate a concatenatedrepresentation fr_i. This is illustrated at step 286. The concatenatedrepresentation fr_i is then hashed. The hashed representation h(fr_i) isthen stored. This is illustrated at step 288. The hashes h(pr) andh(fr_i) are then compared. This is illustrated at step 290. Adetermination is made whether the hashes match (e.g., whether the hashvalues are identical). This is illustrated at step 292. If the hashesare identical, the biometric sample is verified as a match, and accessto one or more resources can be granted. This is illustrated at step298. If the hashes h(pr) and h(fr_i) do not match, a determination ismade whether all permutations of the binary sequence r_i are attempted.This is illustrated at step 294. If all permutations of r_i have notbeen attempted, another random bit sequence r_i is generated (e.g., adifferent permutation of the bit sequence of length R). If allpermutations of r_i have been attempted, then a determination is madethat the biometric sample does not match the biometric template. This isillustrated at step 296. The user can then be denied access (e.g.,prevented from logging into a website, accessing a database, logginginto an account, etc.).

By adding a random bit sequence r to the codeword p prior to hashing,the authentication runtime is multiplied (e.g., using a first securitymultiplier). Based on the length R of the random bit sequence r, moreguesses of r_i (e.g., which is a random bit sequence of the same lengthR) are completed before a match occurs (e.g., at step 284). For example,if a random bit sequence with a size of 5 bits is selected as (01100),2⁵ guesses are required before the bit sequence (01100) is guaranteed tobe attempted. If the proper bit sequence is not selected at step 294,then each other permutation is guessed, in turn, at step 284. When allpermutations of r_i have been attempted, if there still is not a match,a determination is made that the biological sample is not verified asthe user at step 296.

Though the run-time of authentication is increased by adding a randombit string prior to hashing, the time required for a brute-force attackis multiplied by the same factor. For example, if authenticationtypically takes 0.1 microseconds, and the authentication runtime isincreased by a factor of 1,000 as a result of being required to guesseach permutation of r_i of size R, then the time required forauthentication would increase to 0.1 milliseconds. Similarly, if thetime required to brute force crack (e.g., to guess the correct codewordin the ECC framework) the algorithm takes 1 day, and the time requiredfor brute force cracking increases by a factor of 1,000 as a result ofhaving to guess each permutation of r_i, then the time required tobrute-force crack the algorithm would increase to 1,000 days. Thissolution can increase the amount of time required for authentication andbrute-force cracking. However, the time required for authentication canremain reasonable, while the time required for brute-force cracking canbecome infeasible. Further, by adding a time-multiplier to the secondECC framework with less codewords in the pool Q, security can still bemaintained though there are less codewords for a brute force attacker toguess.

Referring now to FIG. 3, shown is a flow-diagram of a process 300 forbiometric authentication of a user via two security techniques, inaccordance with embodiments of the present disclosure. Process 300initiates where a user template and a user sample are compared using afirst security technique including a first ECC framework with Mcodewords. This is illustrated at step 305. In embodiments, thecomparison at step 305 can be completed in the manner depicted in FIG.2A. Based on the comparison with the first ECC framework, adetermination is made whether the sample and template match (e.g., step255 of FIG. 1). This is illustrated at step 310. If the template andsample match, the user is verified. This is illustrated at step 325.

If a determination is made that the template and sample do not match,the template and sample are compared using a second security techniqueincluding a second ECC framework and a first security multiplier. Thisis illustrated at step 315. The second ECC framework includes Qcodewords, where Q<M. A determination is then made whether there is amatch between the biometric template and biometric sample (e.g., whetherthe hashes of the codewords match). This is illustrated at step 320. Ifthere is a match, the user is verified. This is illustrated at step 325.If there is not a match, then process 300 ends, and the user can bedenied access.

Increasing the number of codewords enhances the security of the systemby increasing the number of attempts (e.g., guesses) needed by a bruteforce hacker. However, increasing the number of codewords decreases theerror tolerance between the biometric template and biometric sample, asthe distance (e.g., hamming distance) between codewords decreases.Accordingly, by verifying the user via two security techniques with tworespective ECC frameworks, both security and error tolerance benefitsare attained.

Further, by adding a security multiplier to the second securitytechnique, even if there are significantly fewer codewords in the secondECC framework, security can still be maintained by artificiallyenhancing the security. In some embodiments, the security multiplier canbe substantially similar to the security multiplier described withrespect to FIG. 2B (e.g., by adding a random bit sequence prior tohashing, and during test time, guessing every permutation of the randombit sequence until a match occurs). In some embodiments, the securitymultiplier can include running multiple hashes on each respectivecodeword. For example, each codeword (e.g., codeword c and codeword d ofFIG. 2A) can be hashed hundreds of times in sequence via distinctcryptographic hash functions (e.g., the security multiplier includeskey-stretching). In these embodiments, the stretched hashrepresentations can be compared to determine whether there is a match.This method similarly multiplies the runtime of the authenticationmethod. However, brute force cracking is multiplied by the same factor.By determining an optimal time multiplier, the time taken forauthentication can remain reasonable, while the time required for abrute-force crack can become infeasible.

It is to be understood that although this disclosure includes a detaileddescription on cloud computing, implementation of the teachings recitedherein are not limited to a cloud computing environment. Rather,embodiments of the present disclosure are capable of being implementedin conjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g., networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model can includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but can be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported, providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It can be managed by the organization or a third party andcan exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It can be managed by the organizations or a third partyand can exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure that includes anetwork of interconnected nodes.

Referring now to FIG. 4, illustrative cloud computing environment 410 isdepicted. As shown, cloud computing environment 410 includes one or morecloud computing nodes 400 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 400A (e.g., biometric scanner 115, computer system125), desktop computer 400B (e.g., biometric scanner 115, computersystem 125) laptop computer 400C (e.g., biometric scanner 115, computersystem 125), and/or automobile computer system 400N may communicate.Nodes 400 may communicate with one another. They may be grouped (notshown) physically or virtually, in one or more networks, such asPrivate, Community, Public, or Hybrid clouds as described hereinabove,or a combination thereof. This allows cloud computing environment 410 tooffer infrastructure, platforms and/or software as services for which acloud consumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 400A-Nshown in FIG. 4 are intended to be illustrative only and that computingnodes 400 and cloud computing environment 410 can communicate with anytype of computerized device over any type of network and/or networkaddressable connection (e.g., using a web browser).

Referring now to FIG. 5, a set of functional abstraction layers providedby cloud computing environment 410 (FIG. 4) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 5 are intended to be illustrative only and embodiments of thedisclosure are not limited thereto. As depicted below, the followinglayers and corresponding functions are provided.

Hardware and software layer 500 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 502;RISC (Reduced Instruction Set Computer) architecture based servers 504;servers 506; blade servers 508; storage devices 510; and networks andnetworking components 512. In some embodiments, software componentsinclude network application server software 514 and database software516.

Virtualization layer 520 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers522; virtual storage 524; virtual networks 526, including virtualprivate networks; virtual applications and operating systems 528; andvirtual clients 530.

In one example, management layer 540 may provide the functions describedbelow. Resource provisioning 542 provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cloud computing environment. For example, resourceprovisioning 542 may obtain a suitable number of processing devices toprocess static sensor data. Metering and Pricing 544 provide costtracking as resources are utilized within the cloud computingenvironment, and billing or invoicing for consumption of theseresources. In one example, these resources may include applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 546 provides access to the cloud computing environment forconsumers and system administrators. Service level management 548provides cloud computing resource allocation and management such thatrequired service levels are met. Service level management 548 mayallocate suitable processing power and memory to process static sensordata. Service Level Agreement (SLA) planning and fulfillment 550 providepre-arrangement for, and procurement of, cloud computing resources forwhich a future requirement is anticipated in accordance with an SLA.

Workloads layer 560 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation 562; software development and lifecycle management 564;biometric data processing 566; data analytics processing 568;transaction processing 570; and security enhancement 572.

Referring now to FIG. 6, shown is a high-level block diagram of anexample computer system 601 (e.g., biometric scanner 115, computersystem 125) that may be used in implementing one or more of the methods,tools, and modules, and any related functions, described herein (e.g.,using one or more processor circuits or computer processors of thecomputer), in accordance with embodiments of the present disclosure. Insome embodiments, the major components of the computer system 601 maycomprise one or more CPUs 602, a memory subsystem 604, a terminalinterface 612, a storage interface 614, an I/O (Input/Output) deviceinterface 616, and a network interface 618, all of which may becommunicatively coupled, directly or indirectly, for inter-componentcommunication via a memory bus 603, an I/O bus 608, and an I/O businterface unit 610.

The computer system 601 may contain one or more general-purposeprogrammable central processing units (CPUs) 602A, 602B, 602C, and 602D,herein generically referred to as the CPU 602. In some embodiments, thecomputer system 601 may contain multiple processors typical of arelatively large system; however, in other embodiments the computersystem 601 may alternatively be a single CPU system. Each CPU 602 mayexecute instructions stored in the memory subsystem 604 and may includeone or more levels of on-board cache.

System memory 604 may include computer system readable media in the formof volatile memory, such as random access memory (RAM) 622 or cachememory 624. Computer system 601 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 626 can be provided forreading from and writing to a non-removable, non-volatile magneticmedia, such as a “hard-drive.” Although not shown, a magnetic disk drivefor reading from and writing to a removable, non-volatile magnetic disk(e.g., a “floppy disk”), or an optical disk drive for reading from orwriting to a removable, non-volatile optical disc such as a CD-ROM,DVD-ROM or other optical media can be provided. In addition, memory 604can include flash memory, e.g., a flash memory stick drive or a flashdrive. Memory devices can be connected to memory bus 603 by one or moredata media interfaces. The memory 604 may include at least one programproduct having a set (e.g., at least one) of program modules that areconfigured to carry out the functions of various embodiments.

One or more programs/utilities 628, each having at least one set ofprogram modules 630 may be stored in memory 604. The programs/utilities628 may include a hypervisor (also referred to as a virtual machinemonitor), one or more operating systems, one or more applicationprograms, other program modules, and program data. Each of the operatingsystems, one or more application programs, other program modules, andprogram data or some combination thereof, may include an implementationof a networking environment. Programs 628 and/or program modules 630generally perform the functions or methodologies of various embodiments.

In some embodiments, the program modules 630 of the computer system 601may include a biometric security module. The biometric security modulecan be configured to compare a biometric template and a biometric sampleusing a first security technique having a first ECC framework with afirst number of codewords. The biometric security module can beconfigured to determine that the biometric template and biometric sampledo not match using the first security technique. The biometric securitymodule can be configured to compare the biometric template and thebiometric sample using a second security technique having a second ECCframework with a second number of codeword, the second number ofcodewords less than the first number of codewords. The biometricsecurity module can then be configured to determine that the biometrictemplate and the biometric sample match, and a user associated with thebiometric sample can be verified.

Although the memory bus 603 is shown in FIG. 6 as a single bus structureproviding a direct communication path among the CPUs 602, the memorysubsystem 604, and the I/O bus interface 610, the memory bus 603 may, insome embodiments, include multiple different buses or communicationpaths, which may be arranged in any of various forms, such aspoint-to-point links in hierarchical, star or web configurations,multiple hierarchical buses, parallel and redundant paths, or any otherappropriate type of configuration. Furthermore, while the I/O businterface 610 and the I/O bus 608 are shown as single respective units,the computer system 601 may, in some embodiments, contain multiple I/Obus interface units 610, multiple I/O buses 608, or both. Further, whilemultiple I/O interface units are shown, which separate the I/O bus 608from various communications paths running to the various I/O devices, inother embodiments some or all of the I/O devices may be connecteddirectly to one or more system I/O buses.

In some embodiments, the computer system 601 may be a multi-usermainframe computer system, a single-user system, or a server computer orsimilar device that has little or no direct user interface, but receivesrequests from other computer systems (clients). Further, in someembodiments, the computer system 601 may be implemented as a desktopcomputer, portable computer, laptop or notebook computer, tabletcomputer, pocket computer, telephone, smart phone, network switches orrouters, or any other appropriate type of electronic device.

It is noted that FIG. 6 is intended to depict the representative majorcomponents of an exemplary computer system 601. In some embodiments,however, individual components may have greater or lesser complexitythan as represented in FIG. 6, components other than or in addition tothose shown in FIG. 6 may be present, and the number, type, andconfiguration of such components may vary.

As discussed in more detail herein, it is contemplated that some or allof the operations of some of the embodiments of methods described hereinmay be performed in alternative orders or may not be performed at all;furthermore, multiple operations may occur at the same time or as aninternal part of a larger process.

The present disclosure may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent disclosure.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers, and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present disclosure may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of thedisclosure. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present disclosure. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the variousembodiments. As used herein, the singular forms “a,” “an,” and “the” areintended to include the plural forms as well, unless the context clearlyindicates otherwise. It will be further understood that the terms“includes” and/or “including,” when used in this specification, specifythe presence of the stated features, integers, steps, operations,elements, and/or components, but do not preclude the presence oraddition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof. In the previous detaileddescription of example embodiments of the various embodiments, referencewas made to the accompanying drawings (where like numbers represent likeelements), which form a part hereof, and in which is shown by way ofillustration specific example embodiments in which the variousembodiments may be practiced. These embodiments were described insufficient detail to enable those skilled in the art to practice theembodiments, but other embodiments may be used and logical, mechanical,electrical, and other changes may be made without departing from thescope of the various embodiments. In the previous description, numerousspecific details were set forth to provide a thorough understanding thevarious embodiments. But, the various embodiments may be practicedwithout these specific details. In other instances, well-known circuits,structures, and techniques have not been shown in detail in order not toobscure embodiments.

Different instances of the word “embodiment” as used within thisspecification do not necessarily refer to the same embodiment, but theymay. Any data and data structures illustrated or described herein areexamples only, and in other embodiments, different amounts of data,types of data, fields, numbers and types of fields, field names, numbersand types of rows, records, entries, or organizations of data may beused. In addition, any data may be combined with logic, so that aseparate data structure may not be necessary. The previous detaileddescription is, therefore, not to be taken in a limiting sense.

The descriptions of the various embodiments of the present disclosurehave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

Although the present disclosure has been described in terms of specificembodiments, it is anticipated that alterations and modification thereofwill become apparent to the skilled in the art. Therefore, it isintended that the following claims be interpreted as covering all suchalterations and modifications as fall within the true spirit and scopeof the disclosure.

What is claimed is:
 1. A system comprising: a memory storing programinstructions; and a processor, wherein the processor is configured toexecute the program instructions to perform a method comprising:comparing a biometric template and a biometric sample using a firstsecurity technique, the first security technique having a first errorcorrecting code (ECC) framework with a first number of codewords,wherein comparing the biometric template and the biometric sample usingthe first security technique includes: receiving the biometric templaterepresented by a binary sequence with a first bit length; and selectinga first codeword of the first bit length from the first number ofcodewords of the first ECC framework, each codeword of the first numberof codewords mapping to input binary sequences having the first bitlength; determining that the biometric template and the biometric sampledo not match using the first security technique; comparing, in responseto determining that the biometric template and the biometric sample donot match using the first security technique, the biometric template andthe biometric sample using a second security technique, the secondsecurity technique having a second ECC framework with a second number ofcodewords, where the second number of codewords is less than the firstnumber of codewords; determining that the biometric template and thebiometric sample match using the second security technique; andvalidating a user associated with the biometric sample.
 2. The system ofclaim 1, wherein, after the selecting, comparing the biometric templateand the biometric sample using the first security technique having thefirst ECC framework includes: generating a random binary sequence havinga second bit length; concatenating the first codeword of the first bitlength with the random binary sequence having the second bit length togenerate a concatenated representation; hashing the concatenatedrepresentation to generate a first hash representation; storing a firstbit difference between the biometric template and the selected codeword;receiving, during a test time, the biometric sample from the user, thebiometric sample represented by a binary sequence with the first bitlength; storing a second bit difference between the biometric sample andthe first bit difference; decoding the second bit difference, using thefirst ECC framework, by selecting a second codeword, the second codewordbeing nearest in terms of bit distance to the second bit difference;concatenating the second codeword with a random bit binary sequencehaving the second bit length to generate a second concatenatedrepresentation; hashing the second concatenated representation togenerate a second hash representation; and comparing the first hashrepresentation and the second hash representation.
 3. The system ofclaim 2, wherein determining that the biometric template and thebiometric sample do not match using the first security techniqueincludes: determining that the first hash representation and the secondhash representation do not match.
 4. The system of claim 3, wherein, inresponse to determining that the first hash representation and thesecond hash representation do not match, each other bit permutation ofthe binary sequence having the second bit length is attempted, where ifeach attempt fails, the biometric sample is invalidated using the firstsecurity technique.
 5. The system of claim 1, wherein, when comparingthe biometric template and biometric sample using the second securitytechnique having the second ECC framework, the biometric sample is softbinarized and compared to the biometric template.
 6. The system of claim1, wherein the second security technique includes a first securitymultiplier.
 7. The system of claim 6, wherein the first securitymultiplier includes key-stretching.
 8. A method comprising: comparing abiometric template and a biometric sample using a first securitytechnique, the first security technique having a first error correctingcode (ECC) framework with a first number of codewords, wherein comparingthe biometric template and the biometric sample using the first securitytechnique includes: receiving the biometric template represented by abinary sequence with a first bit length; and selecting a first codewordof the first bit length from the first number of codewords of the firstECC framework, each codeword of the first number of codewords mapping toinput binary sequences having the first bit length; determining that thebiometric template and the biometric sample do not match using the firstsecurity technique; comparing, in response to determining that thebiometric template and the biometric sample do not match using the firstsecurity technique, the biometric template and the biometric sampleusing a second security technique, the second security technique havinga second ECC framework with a second number of codewords, where thesecond number of codewords is less than the first number of codewords;determining that the biometric template and the biometric sample matchusing the second security technique; and validating a user associatedwith the biometric sample.
 9. The method of claim 8, wherein, after theselecting, comparing the biometric template and the biometric sampleusing the first security technique having the first error correctingcode (ECC) framework includes: generating a random binary sequencehaving a second bit length; concatenating the first codeword of thefirst bit length with the random binary sequence having the second bitlength to generate a concatenated representation; hashing theconcatenated representation to generate a first hash representation;storing a first bit difference between the biometric template and theselected codeword; receiving, during a test time, the biometric samplefrom the user, the biometric sample represented by a binary sequencewith the first bit length; storing a second bit difference between thebiometric sample and the first bit difference; decoding the second bitdifference, using the first ECC framework, by selecting a secondcodeword, the second codeword being nearest in terms of bit distance tothe second bit difference; concatenating the second codeword with arandom bit binary sequence having the second bit length to generate asecond concatenated representation; hashing the second concatenatedrepresentation to generate a second hash representation; and comparingthe first hash representation and the second hash representation. 10.The method of claim 9, wherein determining that the biometric templateand the biometric sample do not match using the first security techniqueincludes: determining that the first hash representation and the secondhash representation do not match.
 11. The method of claim 10, wherein,in response to determining that the first hash representation and thesecond hash representation do not match, each other bit permutation ofthe binary sequence having the second bit length is attempted, where ifeach attempt fails, the biometric sample is invalidated using the firstsecurity technique.
 12. The method of claim 8, wherein, when comparingthe biometric template and biometric sample using the second securitytechnique having the second ECC framework, the biometric sample is softbinarized and compared to the biometric template.
 13. The method ofclaim 8, wherein the second security technique includes a first securitymultiplier.
 14. The method of claim 13, wherein the first securitymultiplier includes key-stretching.
 15. A computer program productcomprising a computer readable storage medium having programinstructions embodied therewith, wherein the computer readable storagemedium is not a transitory signal per se, the program instructionsexecutable by a processor to cause the processor to perform a methodcomprising: comparing a biometric template and a biometric sample usinga first security technique, the first security technique having a firsterror correcting code (ECC) framework with a first number of codewords,wherein comparing the biometric template and the biometric sample usingthe first security technique includes: receiving the biometric templaterepresented by a binary sequence with a first bit length; and selectinga first codeword of the first bit length from the first number ofcodewords of the first ECC framework, each codeword of the first numberof codewords mapping to input binary sequences having the first bitlength; determining that the biometric template and the biometric sampledo not match using the first security technique; comparing, in responseto determining that the biometric template and the biometric sample donot match using the first security technique, the biometric template andthe biometric sample using a second security technique, the secondsecurity technique having a second ECC framework with a second number ofcodewords, where the second number of codewords is less than the firstnumber of codewords; determining that the biometric template and thebiometric sample match using the second security technique; andvalidating a user associated with the biometric sample.
 16. The computerprogram product of claim 15, wherein, after the selecting, comparing thebiometric template and the biometric sample using the first securitytechnique having the first error correcting code (ECC) frameworkincludes: generating a random binary sequence having a second bitlength; concatenating the first codeword of the first bit length withthe random binary sequence having the second bit length to generate aconcatenated representation; hashing the concatenated representation togenerate a first hash representation; storing a first bit differencebetween the biometric template and the selected codeword; receiving,during a test time, the biometric sample from the user, the biometricsample represented by a binary sequence with the first bit length;storing a second bit difference between the biometric sample and thefirst bit difference; decoding the second bit difference, using thefirst ECC framework, by selecting a second codeword, the second codewordbeing nearest in terms of bit distance to the second bit difference;concatenating the second codeword with a random bit binary sequencehaving the second bit length to generate a second concatenatedrepresentation; hashing the second concatenated representation togenerate a second hash representation; and comparing the first hashrepresentation and the second hash representation.
 17. The computerprogram product of claim 16, wherein determining that the biometrictemplate and the biometric sample do not match using the first securitytechnique includes: determining that the first hash representation andthe second hash representation do not match.
 18. The computer programproduct of claim 17, wherein, in response to determining that the firsthash representation and the second hash representation do not match,each other bit permutation of the binary sequence having the second bitlength is attempted, where if each attempt fails, the biometric sampleis invalidated using the first security technique.
 19. The computerprogram product of claim 15, wherein, when comparing the biometrictemplate and biometric sample using the second security technique havingthe second ECC framework, the biometric sample is soft binarized andcompared to the biometric template.
 20. The computer program product ofclaim 15, wherein the second security technique includes a firstsecurity multiplier.